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IP DELIVERY OF SECURE DIGITAL CONTENT 

CROSS-REFERENCE TO RELATED APPLICATIONS 

This application is a continuation-in-part of United 
States Patent Application No. 10/037,499 filed January 2, 
2002, which is based on a United States Provisional 
Application No. 60/343,710, filed on October 26, 2001, 
United States Provisional Application No. 60/304,131, filed 
on July 10, 2001, United States Provisional Application No. 
60/304,241, filed on July 10, 2001, and United States 
Provisional Application No. 60/296,673, filed on June 6, 
2001 . 

BACKGROUND 

1. Field 

Embodiments of the invention relate to digital devices. 
More specifically, one embodiment of the invention relates 
to an apparatus and method for delivery content over a 
network and descrambling the received digital content. 

2 . General Background 

Television is used to deliver entertainment and 
education to viewers. The source material (audio, video, 
etc.) is multiplexed into a combined signal which is then 
used to modulate a carrier. This carrier is commonly known 
as a channel . A typical channel may carry one analog 
program, one or two high definition (HD) digital program (s) , 
or perhaps several (e.g. nine) standard definition digital 
programs . 
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In a cable system, the modulated channels are carried 
over a cable. There may also be an in-band or out-of-band 
feed of a program guide, which indicates what programs are 
available and the associated tuning information. The number 
of cable channels is finite and limited by equipment /cable 
bandwidth. A conventional cable system is illustrated in 
FIGURE 1. 

In such a system, the cable operator processes 
audio/video (A/V) content 14 with conditional access (CA) 
technology from manufacturer A (system A) using CA 
encryption equipment 18 compliant with system A at the cable 
system head-end 22. The encrypted A/V content along with 
system information (SI) 26 and program specific information 
(PSI) 27 is multiplexed together and transmitted over the 
cable system 32 to a user's set-top box (STB) 36. The STB 
3 6 incorporates decrypting CA equipment from system A 40 
that decrypts the A/V content . The decrypted A/V content 
can then be supplied to a television set 44 for viewing by 
the user. 

Similarly, in a terrestrial broadcast or a direct 
satellite broadcast, however, these channels correspond to 
wireless signal frequencies. The program is delivered to a 
receiver having a tuner that recovers the signal from the 
air and delivers it to a demodulator. The demodulator, in 
turn, provides video to a display and audio to speakers. 

Over time, these above-identified service providers as 
well as other service providers may use, in whole or in 
part, publicly accessible networks (e.g., Internet or an 
Internet Protocol (IP) based network) for downloading 
content (e.g., video, audio, digital pictures, and other 
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data) . Since most digital content is a valuable asset, 
most content owners want to control access and restrict 
copies. As a result, content protection schemes that 
support the transfer of digital content over a public 
network are needed. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Embodiments of the invention are illustrated by way of 
example and not by way of limitation in the figures of the 
accompanying drawings, in which like references indicate 
similar elements and in which: 

FIGURE 1 is a diagram of a conventional conditional 
access cable system. 

FIGURE 2 is an exemplary diagram of a system 
consistent with one embodiment of the present invention in 
which dual encrypted audio is transmitted along with clear 
video . 

FIGURE 3 is an exemplary diagram of a system 
consistent with an embodiment of the present invention in 
which portions of programming are dual encrypted according 
to a time slice mechanism. 

FIGURE 4 is an exemplary flow chart of a dual 
encryption process consistent with certain embodiments of 
the present invention. 

FIGURE 5 is an exemplary flow chart of a decryption 
process consistent with certain embodiments of the present 
invention . 

FIGURE 6 is an exemplary diagram of a system 
consistent with an embodiment of the present invention in 
which portions of programming are dual encrypted on a 
packet basis. 

FIGURE 7 is an exemplary flow chart of a dual 
encryption process consistent with certain embodiments of 
the present invention. 
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FIGURE 8 is an exemplary flow chart of a decryption 
process consistent with certain embodiments of the present 
invention . 

FIGURE 9 is an exemplary diagram of a system 
consistent with an embodiment of the present invention in 
which system information is encrypted and programming is 
sent in the clear. 

FIGURE 10 is an exemplary diagram of a generic system 
consistent with various embodiments of the present 
invention. 

FIGURE 11 is an exemplary diagram of a first 
embodiment of implementation of an encryption system 
consistent with embodiments of the present invention in a 
head- end . 

FIGURE 12 is an exemplary diagram of a second 
embodiment of implementation of an encryption system 
consistent with embodiments of the present invention in a 
head-end . 

FIGURE 13 is an exemplary flow chart of an overall 
encryption process used to implement certain embodiments of 
the present invention in a head-end. 

FIGURE 14 is an exemplary diagram of a first 
embodiment of a set-top box implementation of a decoding 
system consistent with embodiments of the present 
invention . 

FIGURE 15 is an exemplary diagram of a second 
embodiment of implementation of a decoding system 



080398P252X2 



-6- 



Sony IPD. 50N3195.02 



consistent with embodiments of the present invention in a 
digital device such as a set-top box (STB) . 

FIGURE 16 is an exemplary diagram of a third 
embodiment of implementation of a decoding system 
consistent with embodiments of the present invention in a 
STB. 

FIGURE 17 illustrates an exemplary PID remapping 
process carried out in one embodiment of a set -top box PID 
re -mapper . 

FIGURE 18 is an exemplary diagram of an exemplary 
decoder chip that can be utilized in a television set-top 
box consistent with the present invention. 

FIGURES 19A-19G are exemplary embodiments of streams 
of digital content transmitted from head-end equipment such 
as exemplary head-ends of FIGURES 2-3, 6, 9 and 10. 
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DETAILED DESCRIPTION 

Various embodiments of the invention relate to an 
apparatus, system and method for protecting the transfer of 
data over a network, especially over the Internet. In one 
embodiment, such protection involves the descrambling or 
decrypting of digital content from one or more service 
providers in digital devices. One type of digital device 
is a set-top box described herein, however the invention is 
applicable to other digital devices such as personal 
digital assistants (PDAs) , personal computers, personal 
music players, audio systems, digital recorders or the 
like. A ''service provider" includes, but is not limited to 
a terrestrial broadcaster, cable operator, direct broadcast 
satellite (DBS) company, or any other company providing 
content for download over the Internet or other Internet 
Protocol (IP) based networks. 

In the following description, certain terminology is 
used to describe features of the invention. For example, 
in certain situations, the terms "component" and "block" 
are representative of hardware and/or software configured 
to perform one or more functions. For instance, examples 
of "hardware" include, but are not limited or restricted to 
an integrated circuit such as a processor (e.g., a digital 
signal processor, microprocessor, application specific 
integrated circuit, a micro-controller, etc.). Of course, 
the hardware may be alternatively implemented as a finite 
state machine or even combinatorial logic. 

An example of "software" includes executable code in 
the form of an application, an applet, a routine or even a 
series of instructions. The software may be stored in any 
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type of machine readable medium such as a programmable 
electronic circuit, a semiconductor memory device such as 
volatile memory (e.g., random access memory, etc.) and/or 
non-volatile memory (e.g., any type of read-only memory 
"ROM", flash memory), a floppy diskette, an optical disk 
(e.g., compact disk or digital video disc "DVD" ) , a hard 
drive disk, tape, or the like. 

In addition, the term "program data" generally 
represents any type of information being transferred over a 
secure content delivery system. Examples of program data 
include system information (SI) , audio/visual (A/V) 
content, messages and/or other data, each of which will be 
described briefly below. A "message" is a collection of 
bits sent as a bit stream, a packet or successive packets. 
One type of message is an "Entitlement Control Message" 

(ECM) which generally describes which entitlements are 
needed in order to grant access to received content. 
Another type of message is an "Entitlement Management 
Message" (EMM) which may be used to deliver entitlements 

(sometimes referred to as "privileges" ) . 

Moreover, the terms "scramble" and "encrypt" and 
variations thereof are used synonymously to describe an act 
of obfuscation. Also, the term "television program" and 
similar terms can be interpreted in the normal 
conversational sense, as well as a meaning wherein the term 
means any segment of A/V content that can be displayed on a 
television set or similar monitor device. 

While this invention is susceptible of embodiment in 
many different forms, there is shown in the drawings and 
will herein be described in detail specific embodiments, 
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with the understanding that the present disclosure is to be 
considered as an example of the principles of the invention 
and not intended to limit the invention to the specific 
embodiments shown and described. 

It is appreciated that modern digital cable networks 
generally use conditional access (CA) systems that fully 
encrypt digital audio and video to make programming 
inaccessible except to those who have properly subscribed. 
Such encryption is designed to thwart hackers and non- 
subscribers from receiving programming that has not been 
paid for. However, as content providers wish to provide 
their subscribers with digital devices from any of several 
manufacturers, they are frustrated by the need to transmit 
multiple copies of a single program encrypted with multiple 
encryption technologies compliant with the CA systems of 
each digital device manufacturer. 

This need to carry multiple copies of the programming 
(called "full dual carriage") uses up valuable bandwidth 
that could be used to provide the viewer with additional 
programming content. Certain embodiments of the invention 
address this problem in which the bandwidth requirements to 
provide an equivalent to multiple carriage are minimized. 

In addition, content providers are now seeking a wide 
variety of content delivery mechanisms, besides cable, to 
securely provide and protect the transfer of data. In one 
embodiment of the invention, such protection involves the 
descrambling or decrypting of A/V content over a public 
network . 
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ENCRYPTED ELEMENTARY STREAM 

Turning now to FIGURE 2, one embodiment of a system 
that reduces the need for additional bandwidth to provide 
multiple carriage is illustrated as system 100. In this 
embodiment, the system takes advantage of the fact that 
viewing television programming without audio is usually 
undesirable. While there are exceptions (e.g., adult 
programming, some sporting events, etc.), the typical 
viewer is unlikely to accept routine viewing of television 
programming without being able to hear the audio. Thus, 
at head-end 122, the video signal 104 is provided in the 
clear (unencrypted) while the clear audio 106 is provided 
to multiple CA systems for broadcast over the public 
network. In the exemplary system 100, clear audio 106 is 
provided to a CA encryption system A 118 that encrypts 
audio data (encryption system A will be considered the 
legacy system throughout this document) . Simultaneously, 
clear audio 106 is provided to a CA encryption system B 124 
that encrypts the audio data. Clear video is then 
multiplexed along with encrypted audio from 118 (Audio A) 
and encrypted audio from 124 (Audio B) , system information 
128 and program specific information 129. 

After distribution through a public network 32, the 
video, system information, program specific information, 
Audio A and Audio B are all delivered to set-top boxes 36 
and 136. At legacy set-top box (STB) 36, the video is 
displayed and the encrypted audio is decrypted at CA system 
A 40 for play on television set 44. Similarly, at new STB 
13 6, the video is displayed and the encrypted audio is 
decrypted at CA system B 140 for play on television set 
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144 . 

Audio has a relatively low bandwidth requirement 
compared with a complete A/V program (or even just the 
video portion) . The current maximum bit rate for 
stereophonic audio at 384 Kb/second is approximately 10% of 
a 3.8Mb/second television program. Thus, for dual carriage 
of only encrypted audio (with video transmitted in the 
clear) in a system with ten channels carried with 256 QAM 
(quadrature amplitude modulation) , a loss of only about one 
channel worth of bandwidth would occur. Therefore, 
approximately nine channels could be carried. This is a 
dramatic improvement over the need to dual encrypt all 
channels, which would result in a decrease in available 
channels from ten to five. Where deemed necessary, e.g., 
sporting events, pay per view, adult programming, etc., 
dual encryption of both audio and video can still be 
carried out, if desired. 

Both legacy and new set -top boxes can function in a 
normal manner receiving video in the clear and decrypting 
the audio in the same manner used for fully decrypting 
encrypted A/V content. If the user has not subscribed to 
the programming encrypted according to the above scheme, at 
best the user can only view the video without an ability to 
hear the audio. For enhanced security over the video, it 
possible to employ other embodiments of the invention (as 
will be described later) here as well. (For example, the 
SI may be scrambled to make it more difficult for a non- 
authorized set-top box to tune to the video portion of the 
program.) Unauthorized set -top boxes that have not been 
modified by a hacker, will blank the video as a result of 
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receipt of the encrypted audio. 

Authorized set-top boxes receive Entitlement Control 
Messages (ECM) that are used to get access criteria and 
descrambling keys. The set-top box attempts to apply the 
keys to video as well as the audio. Since the video is not 
scrambled, it simply passes through the set- top boxes' 
descrambler unaffected. The set -top boxes do not care that 
the video is in- the-clear . The un-modified and un- 
subscribed set-top boxes behave as being un-authorized for 
the scrambled audio as well as the clear video. The video, 
as well as the audio which was actually scrambled, will be 
blanked. An on-screen display may appear on the TV stating 
that the viewer needs to subscribe to programming. This 
desirably totally inhibits the casual viewer from both 
hearing and viewing the content . 

In one embodiment of the present invention, the 
encrypted audio is transmitted as digitized packets over 
the A/V channel. Two (or more) audio streams are 
transmitted encrypted according to the two (or more) 
encryption systems in use by the system's set-top boxes 

(STBs) . In order for the two (or more) STBs to properly 
decrypt and decode their respective audio streams, SI 

(system information) data are transmitted from the head-end 
122 that identifies the particular channel where the audio 
can be found using a transmitted Service Identifier to 
locate the audio. This is accomplished by assigning the 
audio for system A is a first packet identifier (PID) and 
assigning the audio for system B a second packet identifier 

(PID) . By way of example, and not limitation, the 
following program specific information (PSI) can be sent to 
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identify the location of the audio for two systems, one 
using NDS™ conditional access and one using Motorola® 
conditional access. Those skilled in the art will 
understand how to adapt this information to the other 
embodiments of partial encryption described later herein. 

The SI can be separately delivered to both legacy and 
non-legacy set-top boxes. It is possible to send SI 
information so that the legacy and non-legacy set-top boxes 
operate essentially without interference. In the SI 
delivered to legacy set -top boxes, the VCT (virtual channel 
table) would state that the desired program, e.g. HBO 
referenced as program number 1, is on Service ID w l" and 
that the VCT access control bit is set. The network 
information table (NIT) delivered to that first STB would 
indicate that Service ID w l" is at frequency = 1234. In 
the SI delivered to non-legacy set-top boxes, the VCT would 
state that the desired program, e.g. HBO referenced as 
program number 1001, is on Service ID " 10 01 11 and that the 
VCT access control bit is set. The network information 
table delivered to the non- legacy STB would indicate that 
the Service ID "1001" is at frequency 1234. The following 
exemplary program association Table PSI data are sent to 
both legacy and non- legacy set -top boxes (in MPEG data 
structure format) : 
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PAT sent on PID=OxOOOO 

PAT 0x0000 

Transport Stream ID 
PAT version 
Program Number 1 

- PMT 0x0010 
Program Number 2 

PMT 0x0 02 0 
Program Number 3 

- PMT 0x0 03 0 
Program Number 4 

PMT 0x0 04 0 
Program Number 5 

- PMT 0x0050 
Program Number 6 

- PMT 0x0060 
Program Number 7 

- PMT 0x0070 
Program Number 8 

- PMT 0x0080 
Program Number 9 

- PMT 0x0090 
Program Number 10 01 

- PMT 0x1010 
Program Number 10 02 

- PMT 0x1020 
Program Number 10 03 

- PMT 0x1030 
Program Number 10 04 

- PMT 0x1040 
Program Number 10 05 

- PMT 0x1050 

Program Number 10 06 
PMT 0x1060 
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The following exemplary program map table PSI data are 
selectively received by legacy and non- legacy set -top boxes 
(in MPEG data structure format) : 



PMT sent on 


PID=0x0010 




PMT 0x0010 






PMT Program number 1 






PMT Section Version 10 






PCR PID 0x0011 






Elementary Stream 






Stream Type (Video 0x02 


or 0x8 0) 




Elementary PID (0x0011) 






Descriptor 






CA Descriptor (ECM) for 


CA provider 


#1 


Elementary Stream 






Stream Type (Audio 0x81) 






Elementary PID (0x0012) 






Descriptor 






CA Descriptor (ECM) for 


CA provider 


#1 
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PMT sent on PID=0xl010 

PMT 0x1010 

PMT Program number 1010 
PMT Section Version 10 
PCR PID 0x0011 
Elementary Stream 

Stream Type (Video 0x02 or 0x80) 

Elementary PID (0x0011) 

Descriptor 

CA Descriptor (ECM) for CA provider #2 
Elementary Stream 

Stream Type (Audio 0x81) 
Elementary PID (0x0013) 
Descriptor 

CA Descriptor (ECM) for CA provider #2 



Considering an example wherein it is desired to 
deliver programming in a system using either Motorola or 
Scientific Atlanta as well as NDS CA, the above 
communications are consistent with the PSI delivered by 
both Motorola and Scientific Atlanta in their CA systems, 
with only minor changes. The program association table 
(PAT) is changed to reference an additional program map 
table (PMT) for each program. Each program in this 
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embodiment has two program numbers in the PAT. In the 
table above, program number 1 and program number 1001 are 
the same program except that they will reference different 
audio PIDs and CA descriptors. Changes in the system to 
create multiple PMTs and to multiplex new PAT and PMT 
information with the data stream can be made to 
appropriately modify the head-end equipment. Again, those 
skilled in the art will understand how to adapt these 
messages to other partial encryption schemes described 
herein. An advantage of this approach is that no special 
hardware or software is required for head-end or for legacy 
and non- legacy set -top boxes to deliver audio that is both 
legacy and non- legacy encrypted using this scheme. 

This technique deters the user from use of premium 
programming which has not been paid for by rendering it 
inaudible, but a hacker may attempt to tune the video. To 
combat this, the mechanisms employed in other encryption i 
techniques consistent with the present invention (as will 
be described later) can be employed simultaneously, if 
desired. Since closed captioning is generally transmitted 
as a part of the video data, the user can still obtain 
readable audio information in conjunction with clear video. 
Thus, although adequate for some applications, the present 
technique alone may not provide adequate protection in all 
scenarios. In another embodiment, video packets containing 
closed captioning information as a part of the payload can 
additionally be scrambled. 

In an alternative embodiment, only the video may be 
dual encrypted with separate PIDs assigned to each set of 
encrypted video. While this may provide a more secure 
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encryption for general programming (since video may be more 
important than audio) , the amount of bandwidth savings 
compared with full dual carriage is only approximately ten 
percent, since only the audio is shared amongst all the 
set-top boxes. However, this approach might be used for 
certain content, e.g. adult and sports, and help reduce the 
bandwidth overhead for that content while the audio 
encryption approach may be used for other content types. 
In the Digital Satellite Service (DSS) transport standard 
used for the DirecTV™ service, the ardio packets can be 
identified for encryption by use of the service channel 
identifier (SCID) which is considered equivalent. 

TIME SLICING 

Another embodiment consistent with the present 
invention is referred to herein as time slicing and is 
illustrated in FIGURE 3 as system 200. In this embodiment, 
a portion of each program is encrypted on a time dependent 
basis in a manner that disrupts viewing of the program 
unless the user has paid for the programming. This 
embodiment of the invention can be implemented as partially 
encrypted video and clear audio, clear video and partially 
encrypted audio or partially encrypted video and audio. 
The duration of the time slice that is encrypted, taken as 
a percentage of the total time, can be selected to meet any 
suitable desired balance of bandwidth usage, security 
against hackers. In general, under any of the embodiments 
described herein, less than 100 percent of the content is 
encrypted to produce a desired partial encryption. The 
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following example details partially encrypted video and 
audio . 

By way of example, and not limitation, consider a 
system which has nine programs that are to be dual 
partially encrypted according to the present exemplary 
embodiment. These nine channels are fed to the head-end as 
a multiplexed stream of packets and are digitally encoded 
using packet identifiers (PID) to identify packets 
associated with a particular one of the nine programs. In 
this example, assume that those nine programs have video 
PIDs numbered 101-109 and audio PIDs numbered 201-2 09. The 
partial encryption, according to this embodiment is time 
multiplexed among the programs so that only packets from a 
single program are encrypted at any given time. The method 
does not need to be content aware. 

With reference to TABLE 1 below, an exemplary 
embodiment of a time slice dual encryption scheme 
consistent with an embodiment of the invention is 
illustrated. For program 1 having primary video PID 101 
and primary audio PID 201, during the first time period, 
packets having PID 101 and PID 201 are encrypted using 
encryption system A, while the others representing the 
other programs are sent in the clear. In this embodiment, 
secondary PIDs are also assigned to both the video and the 
audio. The secondary PIDs are PID 111 for video and PID 
211 for audio respectively for program 1. The packets with 
the secondary PIDs are encrypted using encryption system B 
during the first time period. 

The next eight time periods are sent in the clear. 
Then for time period 10, packets having any of the above 



080398P252X2 



-20- 



Sony IPD. 50N3195.02 



four PIDs are again encrypted followed by the next eight 
time periods being sent in the clear. In a similar manner, 
during the second period of program 2 having primary video 
PID 102 and primary audio PID 201 are encrypted using 
encryption system A and packets with their associated 
secondary PIDs are encrypted using encryption system B, and 
during the next eight time periods are sent in the clear, 
and so on. This pattern can be seen clearly in TABLE 1 by 
examination of the first nine rows. 

Both audio and video packets, or audio alone or video 
alone can be encrypted according to this technique, without 
departing from the invention. Also, the audio and video 
can have their own individual encryption sequence. In 
TABLE 1, "PI" indicates time period number 1, "P2" 
indicated time period number 2 and so on. U EA" indicates 
that the information is encrypted using CA system A and 
"EB" indicates that the information is encrypted using CA 
encryption system B. "CL" indicates that the information 
is in the clear (non-encrypted) . 
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PROG 


VIDEO 
PID 


AUDIO 
PID 


PI 


P2 


P3 


P4 


P5 


P6 


P7 


P8 


P9 


P10 


Pll 


P12 


... 


1 


PID 
101 


PID 
201 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


EA 


CL 


CL 


... 


2 


PID 
102 


PID 
202 


CL 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


EA 


CL 


... 


3 


PID 
103 


PID 
203 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


EA 


... 


4 


PID 
104 


PID 
204 


CL 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


... 


5 ! 


PID 
105 


PID 
205 


CL 


CL 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


... 


6 


PID 
106 


PID 
206 


CL 


CL 


CL 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


CL 


CL 




7 


PID 
107 


PID 
207 


CL 


CL 


CL 


CL 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


CL 
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8 


PID 
108 


PID 
208 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


... 


9 


PID 
109 


PID 
209 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


EA 


CL 


CL 


CL 


... 


1 


PID 
111 


PID 
211 


EB 


















EB 






... 


2 


PID 
112 


PID 
212 




EB 


















EB 




... 


3 


PID 
113 


PID 
213 






EB 


















EB 


... 


4 


PID 
114 


PID 
214 








EB 


















... 


5 


PID 
115 


PID 
215 










EB 


















6 


PID 
116 


PID 
216 












EB 
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7 


PID 
117 


PID 
217 














EB 












... 


8 


PID 
118 


PID 
218 
















EB 












9 


PID 
119 


PID 
219 


















EB 











TABLE 1 



In order to retain compatibility with an established 
legacy encryption system (encryption system A) , the 
encrypted periods for each of programs one through nine are 
encrypted using encryption system A. Legacy STB equipment 
will accept such partially encrypted A/V data streams 
passing unencrypted packets and decrypting encrypted 
packets transparently. However, it is desired to obtain 
dual encryption using both encryption system A and 
encryption system B. In order to achieve this, a specified 
program is assigned both primary PIDs (e.g., for program 1, 
video PID 101 and audio PID 201) and a secondary PID (e.g., 
for program 1, video PID 111 and audio PID 211) to carry 
the elementary data streams for a given premium channel. 

With reference to FIGURE 3, system 200 generally 
depicts the functionality of the head-end 222 wherein N 
channels of clear video 208 at the head-end 222 are 
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provided to an intelligent switch 216 (operating under 
control of a programmed processor) which routes packets 
that are to be transmitted in the clear to be assigned a 
primary PID at a PID assign block 220. Packets that are to 
be encrypted are routed to both CA system A encrypter 218 
and to CA system B encrypter 224. Once encrypted, these 
encrypted packets from 218 and 224 are assigned primary or 
secondary PIDs respectively at the PID assign block 220. 
System information 228 is multiplexed or combined with the 
clear packets, the system A encrypted packets and the 
system B encrypted packets and broadcast over the public 
network 32 . 

For discussion purposes, if the period of the time 
slice is 100 milli- seconds, then as shown in TABLE 1, there 
are on average one and a fraction encrypted periods 
totaling 111 milli-seconds each second for all nine- 
programs. If the period is 50 milli-seconds, then there 
are on average two and a fraction encrypted periods 
totaling 111 milli-seconds. A non- subscribing box 
attempting to tune video would obtain a very poor image if 
it could maintain any sort of image lock and the audio 
would be garbled. 

The PSI for a partially scrambled stream is handled 
slightly differently from the dual audio encryption example 
above. Essentially, the same SI and PAT PSI information 
can be sent to both legacy and non- legacy set -top boxes. 
The difference lies with the PMT PSI information. The 
legacy set -top box parses the PMT PSI and obtains the 
primary video and audio PIDs as before. The non- legacy 
set-top box obtains the primary PIDs like the legacy set- 
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top box but must look at the CA descriptors in the PMT PSI 
to see if the stream is partially scrambled. The secondary 
PID is scrambled specifically for a particular CA provider, 
consequently it makes sense to use the CA descriptor 
specific to a particular CA provider to signal that PID. 
The invention can allow more than two CA providers to co- 
exist by allowing more than one secondary PID. The 
secondary PID shall be unique to a particular CA provider. 
The set -top box know the CA ID for the CA it has, and can 
check all CA descriptors for the relevant one for it. 

While it is possible to send the secondary PID data as 
private data in the same CA descriptor used for the ECM, 
the preferred embodiment uses separate CA descriptors. The 
secondary PID is placed in the CA PID field. This allows 
head-end processing equipment to "see" the PID without 
having to parse the private data field of the CA 
descriptor. To tell the difference between the ECM and 
secondary PID CA descriptor, a dummy private data value can 
be sent . 



080398P252X2 



-26- 



Sony IPD. 50N3195.02 



PMT sent on PID=0x0010 




PMT 0x0010 




PMT Program number 1 




PMT Section Version 10 




PCR PID 0x0011 




Elementary Stream 




Stream Type (Video 0x02 or 0x8 0) 




Elementary PID (0x0011) 




Descriptor 




CA Descriptor (ECM) for CA provider #1 




CA Descriptor (ECM) for CA provider #2 




CA Descriptor (Secondary PID) for CA provider 


#2 


Elementary Stream 




Stream Type (Audio 0x81) 




Elementary PID (0x0012) 




Descriptor 




CA Descriptor (ECM) for CA provider #1 




CA Descriptor (ECM) for CA provider #2 




CA Descriptor (Secondary PID) for CA provider 


#2 



CA Descriptor for CA Provider #2 (ECM) 
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Descriptor 

Tag: Conditional Access (0x09) 
Length: 4 Bytes 
Data 

CA System ID: 0x0942 (2 nd CA provider) 
CA PID (0x0015) 



CA Descriptor for CA Provider #2 (Secondary PID) 
Descriptor 

Tag: Conditional Access (0x09) 
Length: 5 Bytes 
Data 

CA System ID: 0x1234 (2 nd CA provider) 
CA PID (0x0016) 
Private Data 



Legacy STB 3 6 operating under CA system A receives the 
data, ignores the secondary PIDs, decrypts the packets 
encrypted under CA system A and presents the program to the 
television set 44. New or non-legacy STB 236 receives the 
SI 228. It receives PSI 229 and uses the PMT to identify 
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the primary and secondary PID, called out in the second CA 
descriptor, associated with the program being viewed. The 
packets encrypted under CA system A 218 are discarded and 
the packets encrypted under CA system B 224 with the 
secondary PID are decrypted by CA system B 240 and inserted 
into the clear data stream for decoding and display on 
television set 244. 

FIGURE 4 illustrates one process for encoding at the 
head- end that can be used to implement an embodiment of the 
present invention wherein CA system A is the legacy system 
and CA system B is the new system to be introduced. As a 
clear packet is received, at block 250 for a given program, 
if the packet (or frame) is not to be encrypted (e.g., it 
is not the current time slice for encryption for this 
program) , the clear packet (C) is passed for insertion into 
the output stream at block 254. If the current packet is 
to be encrypted by virtue of the current packet being a 
part of the encryption time slice, the packet is passed for 
encryption to both packet encryption process A 2 58 and 
packet encryption process B 262. The encrypted packets 
from encryption process A at 258 (EA) are passed on to 
block 254 for insertion into the output stream. The 
encrypted packets from encryption process B at 2 62 (EB) are 
assigned a secondary PID at 264 for insertion into the 
output stream at 254. This is repeated for all packets in 
the program. 

FIGURE 5 illustrates a process used in the STB 236 of 
FIGURE 3 having the newly introduced CA system B for 
decrypting and decoding the received data stream containing 
C, EA and EB packets having primary and secondary PIDs as 
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described. When a packet is received at block 272, it is 
inspected to see if it has a the primary PID of interest. 
If not, the packet is examined to see if it has the 
secondary PID of interest at block 2 74. If the packet has 
neither the primary or secondary PID, it is ignored or 
dropped at block 278. Any intervening packets between the 
EA and EB packets that are not the primary or secondary PID 
are discarded. It is an implementation and mainly a 
buffering issue whether a decoder can receive multiple EA 
or EB in a row before receiving the replacement matched EA 
or EB packet. Also, just as easy to detect for secondary 
packets that come before and not after the primary packet. 
It is also possible to design a circuit where either case 
can happen - the secondary packet can before or after the 
primary packet. If the packet has the primary PID of 
interest, the packet is examined at block 2 84 to determine 
if it is encrypted. If not, the packet (C) is passed 
directly to the decoder at block 288 for decoding. If the 
packet is encrypted at block 2 84, it is determined to be an 
EA packet and is dropped or ignored at 278. In some 
implementations, the primary packet's encryption does not 
get checked at block 284. Rather, its simple position 
relative to the secondary packet can be checked at block 
284 to identify it for replacement. 

If the packet has the secondary PID at block 274, the 
PID is remapped to the primary PID at block 2 92 (or 
equivalently, the primary PID is remapped to the secondary 
PID value) . The packet is then decrypted at block 296 and 
sent to the packet decoder at block 288 for decoding. Of 
course, those skilled in the art will recognize that many 
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variations are possible without departing from the 
invention, for example, the order of blocks 292 and 296 or 
the order of blocks 272 and 274 can be reversed. As 
mentioned earlier, block 284 can be replaced with a check 
of primary packet position with respect to the secondary 
packet. Other variations will occur to those skilled in 
the art . 

Legacy STB 36 of FIGURE 3, operating under the 
encryption system A, totally ignores the secondary PID 
packets. Packets with the primary PID are decrypted, if 
necessary, and passed to the decoder without decryption if 
they are clear packets. Thus, a so called "legacy" STB 
operating under encryption system A will properly decrypt 
and decode the partially encrypted data stream associated 
with the primary PID and ignore the secondary PID without 
modification. STBs operating under the encryption system B 
are programmed to ignore all encrypted packets associated 
with the primary PID and to use the encrypted packets 
transmitted with the secondary PID associated with a 
particular channel . 

Thus, each dual partially encrypted program has two 
sets of PIDs associated therewith. If, as described, the 
encryption is carried out on a period-by-period basis, for 
the system shown with an appropriate time slice interval, 
the picture will be essentially unviewable on a STB with 
neither decryption. 

In order to implement this system in the head-end 322 
of FIGURE 6, the SI and PSI can be modified for inclusion 
of a second set of CA descriptor information. Legacy set- 
top boxes may not be able to tolerate unknown CA 
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descriptors. Consequently, as an alternative, in the set- 
top box, it may be possible to ''hard code" offsets from the 
legacy CA PIDs for both the content PIDs and/or the SI/PSI 
and ECM PIDs. As another alternative, parallel PSI may be 
sent. For example, an auxiliary PAT can be delivered on 
PID 1000 instead of PID 0 for the non-legacy set-top boxes. 
It can reference auxiliary PMTs not found in the legacy 
PAT. The auxiliary PMTs can contain the non- legacy CA 
descriptors. Since auxiliary PMTs would not be known to 
the legacy set -top boxes, there would not be any 
interoperation issue . 

In systems where system A corresponds to legacy set- 
top boxes manufactured by Motorola® or Scientific Atlanta®, 
no modifications to the STBs are required. For the system 
B compliant STBs, for dual carriage of partially encrypted 
programs as described herein, the video and audio decoder 
are adapted to listen to two PIDs each (a primary and a 
secondary PID) instead of just one. There may be one or 
more secondary shadow PIDs, depending on the number of non- 
legacy CA systems in use, however a specific set -top box 
only listens to one of the secondary PIDs as appropriate 
for the CA method being used by that specific STB. In 
addition, ideally the encrypted packets from the PID 
carrying the mostly clear video or audio are ignored. 
Since ignoring u bad packets' 7 (those that cannot be readily 
decoded as is) may already be a function that many decoders 
perform, thus requiring no modification. 

For systems with decoders that do not ignore bad 
packets, a filtering function can be used. It should be 
understood that the time slice encryption technique could 
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be applied to just the video or the audio. Also, the video 
may be time slice encrypted while the audio is dual 
encrypted as in the earlier embodiment. The time slice 
technique may be applied to multiple programs concurrently. 
The number of programs that are encrypted during a period 
of time is mainly an issue of bandwidth allocation, and 
although the example discusses scrambling a single program 
at a time, the invention is so limited. Other combinations 
of encryption techniques described in this document will 
also occur to those skilled in the art. 

M TH AND N PACKET ENCRYPTION 

Another embodiment consistent with the present 
invention is referred to herein as M th & N packet 
encryption. This is a variation of the embodiment 
illustrated in FIGURE 3 as system 200. In this embodiment, 
packets of each PID representing a program are encrypted in 
a manner that disrupts viewing of the program unless the 
user has paid for the programming. In this embodiment, M 
represents the number of packets between the start of an 
encryption event. N represents the number of packets that 
are encrypted in a row, once encryption takes place. N is 
less than M. If M=9 and N=l, then every nine packets there 
is an encryption event lasting 1 packet. If M=16 and N=2, 
then every sixteen packets there is an encryption event 
lasting two packets. Each packet to be dual partially 
encrypted is duplicated and processed using CA system A 218 
and CA system B 224 as in the previous embodiment. The 
difference in operation between this embodiment and the 
time slicing technique previously is in the operation of 
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switch 216 to effect the selection of packets to encrypt 
under control of a programmed processor. 

By way of example, and not limitation, consider a 
system which has nine channels of programming that are to 
be dual encrypted according to the present exemplary 
embodiment. These nine channels are digitally encoded 
using packet identifiers (PID) to identify packets 
associated with a particular one of nine programs. In this 
example, assume that those nine programs have video PIDs 
numbered 101-10 9 and audio PIDs numbered 2 01-209. The 
encryption, according to this embodiment is random program- 
to-program so that packets from other programs may be 
encrypted at the same time. This is illustrated in TABLE 2 
below in which M=6 and N=2 and in which only video is 
encrypted, but this should not be considered limiting. The 
method does not need to be content aware . In TABLE 2 , 
"PKl" indicated packet number 1, "PK2" indicates packet 
number 2, and so on. "EA" indicates that the information is 
encrypted using CA system A and "EB" indicates that the 
information is encrypted using CA system B. "CL" indicates 
that the information is in the clear (non- encrypted) . 



PROG 


VIDEO 


PK1 


PK2 


PK3 


PK4 


PK5 


PK6 


PK7 


PK8 


PK9 


PK10 


PK11 


PK12 




1 


PID 
101 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 




2 


PID 
102 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 
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3 


PID 
103 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


... 


4 


PID 
104 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


... 


5 


PID 
105 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


... 


6 


PID 

106 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


... 


7 


PID 
107 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


... 


8 


PID 
108 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


... 


9 


PID 
109 


EA 


CL 


CL 


CL 


CL 


EA 


EA 


CL 


CL 


CL 


CL 


EA 


... 


1 


PID 
111 


EB 


EB 










EB 


EB 










... 


2 


PID 
112 








EB 


EB 










EB 


EB 




... 


3 


PID 

113 






EB 


EB 










EB 


EB 








4 


PID 
114 








EB 


EB 










EB 


EB 






5 


PID 
115 






EB 


EB 










EB 


EB 
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6 


PID 
116 


EB 










EB 


EB 










EB 


... 


7 


PID 
117 


EB 


EB 










EB 


EB 












8 


PID 
118 




EB 


EB 










EB 


EB 










9 


PID 
19 


EB 










EB 


EB 










EB 





TABLE 2 



In the example of TABLE 2, each program is encrypted 
fully independently of the others using the M=6 and N=2 
encryption scheme. Again, the illustrated example encrypts 
only the video, but audio could also be encrypted according 
to this or another arrangement. If applied to just the 
video, audio may be dual scrambled or time slice encrypted 
as in earlier embodiments. Alternatively, if applied to 
just the audio, the video may be time sliced as in the 
earlier embodiment. 

Those skilled in the art will recognize that many 
variations of the technique can be devised consistent with 
the partial scrambling concepts disclosed herein. For 
example, a pattern of five clear followed by two encrypted 
followed by two clear followed by one encrypted 
(CCCCCEECCECCCCCEECCE . . . ) is consistent with variations of 
the present partial encryption concept, as are random, 
pseudo- random and semi -random values for M and N may be 
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used for selection of packets to encrypt. Random, pseudo- 
random or semi -random (herein collectively referred to as 
"random" herein) selection of packets can make it difficult 
for a hacker to algorithmically reconstruct packets in a 
post processing attempt to recover recorded scrambled 
content. Those skilled in the art will understand how to 
adapt this information to the other embodiments of partial 
encryption described later herein. Some of the embodiments 
can be used in combination to more effectively secure the 
content . 
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DATA STRUCTURE ENCRYPTION 

Another partial encryption method consistent with 
embodiments of the present invention uses a data structure 
as a basis for encryption. By way of example and not 
limitation, one convenient data structure to use for 
encryption is an MPEG video frame. This is illustrated 
(again with video only) in TABLE 3 below in which every 
tenth video frame is encrypted. In this embodiment, each 
program's ten frame encryption cycle is distinct from each 
other channel, but this should not be considered limiting. 
This concept can be viewed as a variation of the time slice 
or M th and N partial encryption arrangement (or other 
pattern) based upon video or audio frames (or some other 
data structure) with the exemplary embodiment having M=10 
and N=l. Of course, other values of M and N can be used in 
a similar embodiment. In TABLE 3, Fl represents frame 
number 1, F2 represents frame number 2 and so on. 



PROG 


VIDE 
O 


Fl 


F2 


F3 


F4 


F5 


F6 


F7 


F8 


F9 


F10 


Fll 


F12 




1 


PID 
101 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


EA 


CL 




2 


PID 
102 


CL 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 




3 


PID 
103 


CL 


CL 


EA 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 


CL 





080398P252X2 



-38- 



Sony IPD. 50N3195.02 
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PID 
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CL 
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CL 
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EA 


CL 


CL 


CL 


CL 


CL 


CL 
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111 


EB 




















EB 




... 


2 


PID 
112 








EB 


















... 


3 


PID 
113 






EB 




















... 


4 


PID 
114 










EB 


















5 


PID 
115 








EB 




















6 


PID 
116 


EB 




















EB 







080398P252X2 



-39- 



Sony IPD. 50N3195.02 
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PID 
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EB 
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EB 
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119 
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EB 







TABLE 3 



Thus, again each encrypted program has two sets of 
PIDs associated therewith. If, as described, the 
encryption is carried out on a period-by-period basis, for 
the system shown, the picture will be essentially 
unviewable. For a nine program system at 3 0 frames per 
second as depicted, approximately three frames per second 
will be encrypted. For viewers who are not entitled to 
view the program, their STB will be unable to capture much 
more than an occasional frozen frame as the STB constantly 
attempts to synchronize and recover. Viewers who have 
subscribed to the programming will be able to readily view 
the programming. The bandwidth cost for such an encryption 
arrangement depends upon the frequency with which the 
encryption is applied. In the above example, an extra 
factor of 1/9 of data is transmitted for each program. In 
this example, approximately one program's worth of 
bandwidth is used. With a greater number of programs, 
fewer packets per program are encrypted and the security of 
the encryption system may degrade somewhat. As in the 
randomized M and N method, random frames may be selected. 



I 
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Choosing random frames, in the video case, would help 
guarantee that all frame types would be affected - intra- 
coded frames (I frames) , predictive-coded (P frames) , 
bidirectional -coded (B frames) and DC frames. 

In a variation of the invention, it may be possible to 
encrypt fewer packets to achieve an acceptable level of 
security. That is, perhaps in a system of nine programs, 
only one frame per second may need to be encrypted to 
achieve acceptable levels of security. In such a system, 
the overhead becomes one encrypted period per second per 
program or approximately 1/3 0 of data transmitted in 
overhead. This level of overhead is a dramatic improvement 
over the 50% loss of bandwidth associated with full dual 
carriage of encryption under two encryption systems. In 
another variation of the invention, it may be possible to 
encrypt only certain video frames to achieve an acceptable 
level of security. For example, for MPEG content, only 
intra-coded frames (I frames) may be scrambled to further 
reduce the bandwidth overhead and still maintain an 
acceptable level of security. These offer significant 
improvement over the bandwidth required for full dual 
carriage . 

CRITICAL PACKET ENCRYPTION 

Substantial efficiency in bandwidth utilization can be 
achieved by use of a selective packet -by-packet dual 
encryption technique. In this technique, packets are 
selected for encryption based upon their importance to the 
proper decoding of the audio and/or video of the program 
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content . 

This embodiment can reduce the bandwidth requirement 
compared with full dual carriage of encrypted content by 
only scrambling a small fraction of the packets. Clear 
packets are shared between the two (or more) dual carriage 
PIDs. In one preferred embodiment, as will be disclosed, 
less that about one percent of the total content bandwidth 
is used. In a system with a legacy encryption scheme, 
clear program content packets can be received by both 
legacy and new set -top boxes. As mentioned before, 
encrypted packets are dual carried and processed by the 
respective set -top boxes with the appropriate CA. Each CA 
system is orthogonal. Key sharing is not required and 
different key epochs may be used by each CA system. For 
example, a system with Motorola's proprietary encryption 
can generate fast changing encryption keys using the 
embedded security ASIC, while an NDS smart card based 
system can generate slightly slower changing keys. This 
embodiment works equally well for Scientific Atlanta and 
Motorola legacy encryption. 

Referring now to FIGURE 6, an exemplary diagram of a 
system consistent with an embodiment of the present 
invention in which portions of programming are dual 
encrypted on a packet -by-packet basis is illustrated as 
system 300. In this system, packets of each program are 
dual encrypted using, for example, legacy CA system A and 
CA system B. The packets that are encrypted are selected 
based upon their importance to the proper decoding of the 
video and/or audio stream. 

In the system illustrated in FIGURE 6, the head-end 
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322 selects A/V content 304 packets at a packet selector 
316 for encryption. Packets selected for encryption are 
chosen so that their non-receipt (by a non-paying decoder) 
would severely affect the real-time decoding of a program, 
and any possible post processing of recorded content. That 
is, only critical packets are encrypted. For the video and 
audio, this can be accomplished by encrypting "start of 
frame" transport stream packets containing PES (packet i zed 
elementary stream) headers and other headers as part of the 
payload, since without this information, the STB decoder 
cannot decompress the MPEG compressed data. MPEG-2 streams 
identify "start of frame" packets with the "Packet Unit 
Start Indicator" in the transport header. Generally, 
packets carrying a payload that contains a group of 
pictures header or a video sequence header can be used to 
effect the present scrambling technique. 

MPEG (Moving Pictures Expert Group) compliant 
compressed video repackages the elementary data stream into 
the transport stream in somewhat arbitrary payloads of 188 
bytes of data. As such, the transport stream packets 
containing a PES header can be selected for encryption at 
selector 316 and dual encrypted by both the CA system A 
encrypter 318 and the CA system B encrypter 324. Packets 
to be dual partially encrypted are duplicated and the PIDs 
of duplicate packets encrypted by encrypter 324 are 
remapped at Assign Second PID block 330 to a secondary PID 
as in the previous embodiment. The remaining packets are 
passed in the clear. The clear packets, system A encrypted 
packets, system B encrypted packets and system information 
32 8 are multiplexed together for broadcast over the public 
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network 3 2 . 

As with the previous system, the legacy STB 36 
receives clear data and data encrypted under CA encryption 
system A and transparently passes unencrypted data combined 
with data decrypted by CA decryption system A 40 to its 
decoder. In the new STB 33 6, the program is assigned to 
both a primary and a secondary PID. The clear packets with 
the primary PID are received and passed to the decoder. 
The encrypted packets with the primary PID are discarded. 
Encrypted packets with the secondary PID are decrypted and 
then recombined with the data stream (e.g., by remapping 
the packets to the primary PID) for decoding. 

Using video is used as an example, each sample is 
known as a frame and the sample rate is typically 3 0 frames 
per second. If the samples are encoded to fit into 3.8 
Mbps, each frame would occupy 127K bits of bandwidth. This 
data is sliced for MPEG transport into packets of 188 bytes 
with the first packet (s) of each frame containing the 
header used for instructions to process the body of the 
frame data. Dual encrypting just the first header packet 
(1504 additional bits) requires only 1.2% (1504/127K) of 
additional bandwidth. For high definition (19 Mbps) 
streams the percentage is even less. 

As previously stated, transport stream packets 
containing a PES header are targeted for encryption 
according to the present embodiment. These packets contain 
sequence headers, sequence extension headers, picture 
headers, quantization and other decode tables that also 
fall within the same packet. If these packets cannot be 
decoded (i.e., by a hacker attempting to view unauthorized 
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programming without paying the subscription charges) , not 
even small portions of the program can be viewed. In 
general, any attempt to tune to the program will likely be 
met with a blank screen and no audio whatsoever since known 
decoder integrated circuits use the PES header to sync up 
to an elementary stream such as video and audio in real- 
time. By encrypting the PES header, the decoding engine in 
an un-authorized set-top box cannot even get started. Post 
processing attacks, e.g. on stored content, are thwarted by 
critical dynamically changing information in the packet 
containing the PES header. Those skilled in the art will 
appreciate that for implementation of this embodiment of 
the invention, other critical or important packets or 
content elements may also be identified for encryption that 
could severely inhibit unauthorized viewing without 
departing from the present invention. For example, MPEG 
intra-coded or I frame picture packets could be encrypted 
to inhibit viewing of the video portion of the program. 
Embodiments the present invention may be used in any 
combination with other embodiments, e.g. scrambling the 
packet containing the PES header as well as random, M th and 
N, or data structure encryption of the other packets. 
Critical packet encryption may be applied to video 
encryption, while a different method may be applied to 
audio. Audio could be dual encrypted, for instance. Other 
variations within the scope of the present invention will 
occur to those skilled in the art. 

FIGURE 7 is a flow chart depicting an exemplary 
encoding process such as that which would be used at head- 
end 322 of FIGURE 6. When a transport stream packet is 
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received at block 350, the packet is examined to determine 
if it meets a selection criteria for encryption. In one 
embodiment, this selection criteria is the presence of a 
PES header as a portion of the packet payload. If not, the 
packet is passed as a clear unencrypted packet (C) for 
insertion into the output data stream at block 354. If the 
packet meets the criteria, it is encrypted under CA 
encryption system A at block 358 to produce an encrypted 
packet EA. The packet is also duplicated and encrypted 
under CA encryption system B at 362 to produce an encrypted 
packet. This encrypted packet is mapped to a secondary PID 
at block 366 to produce an encrypted packet EB . Encrypted 
packets EA and EB are inserted into the output data stream 
along with clear packets C at block 354. Preferably, the 
EA and EB packets are inserted at the location in the data 
stream where the single original packet was obtained for 
encryption so that the sequencing of the data remains 
essentially the same. 

When the output data stream from block 3 54 is received 
at an STB compliant with CA encryption system B such as 
block 336 of FIGURE 6, a process such as that of FIGURE 8 
(which is similar to that of FIGURE 5) can be utilized to 
decrypt and decode the program. When a packet is received 
having either the primary or the secondary PID at block 
370, a determination is made as to whether the packet is 
clear (C) or encrypted under system A (EA) at block 370 or 
encrypted under system B (EB) at block 374. If the packet 
is clear, it is passed directly to the decoder 378. In 
some embodiments, the relative position of the primary 
packet, before or after, to the secondary packet may be 



080398P252X2 



-46- 



Sony IPD. 50N3195.02 



used to signal a primary packet for replacement in the 
stream. A check of the scrambling state of the primary 
packet is not specifically required. If the packet is an 
EA packet, it is dropped at 380. If the packet is an EB 
packet, it is decrypted at block 384. At this point, the 
secondary PID packets and/or the primary PID packets are 
remapped to the same PID at block 388. The decrypted and 
clear packets are decoded by decoder 378. 

The dual partial encryption arrangement described 
above can greatly reduce the bandwidth requirements over 
that required for full dual carriage. Encrypting the PES 
header information can be effective in securing video and 
audio content, while allowing two or more CA systems to 
independently "co-exist" on the same public network. 
Legacy system A set -top boxes are un-affected, and system B 
set -top boxes require only an minor hardware, firmware, or 
software enhancement to listen for two PIDs each for video 
and audio. Each type of STB, legacy and non- legacy, 
retains its intrinsic CA methodology. Head-end 
modification is limited to selecting content for 
encryption, introducing the second encrypter, and providing 
a means to mix the combination into a composite output 
stream. 

In one embodiment, the head-end equipment is 
configured to opportunistically scramble as much of the 
content as the bandwidth will allow, and not just the 
critical PES headers. These additional scrambled packets 
would be either in the PES payload or other packets 
throughout the video/audio frame to provide even further 
security of the content. 
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SI ENCRYPTION 

Turning now to FIGURE 9, one embodiment of an 
exemplary system 400 that minimizes the need for any 
additional bandwidth is illustrated. In this embodiment, 
the system 4 00 takes advantage of the fact that system 
information (SI) 428 is required for a set -top box to tune 
programming. In one type of public network, namely a cable 
system for example, SI is sent out-of-band, a frequency set 
aside from the normal viewing channels. It is possible to 
also send the SI 428 in-band. If sent in-band, the SI 428 
is replicated and sent with each stream. For discussion 
purposes, assume that the SI delivered to "legacy" set -top 
boxes from previous manufacturers is separate from the SI 
delivered to set -tops from new manufacturers such as STB 
436. Consequently, each version of the SI can be 
independently scrambled as illustrated using CA system A 
418 and CA system B 424. The clear video 404 and clear 
audio 406 are delivered in the clear, but in order to 
understand how to find them, the SI 428 is needed. 

The SI 42 8 comprises information about channel names 
and program guide information such as program names and 
start times, etc. ... as well as the frequency tuning 
information for each channel. Digital channels are 
multiplexed together and delivered at particular 
frequencies. In the embodiment of the invention, the SI 
42 8 is encrypted, and only made available to authorized 
set -top boxes. If the SI 428 is not received to allow 
knowledge of the location of all the A/V frequencies in the 
plant, then tuning cannot take place. 



080398P252X2 



-48- 



Sony IPD. 50N3195.02 



To frustrate a hacker who might program a set -top box 
to trial or scan frequencies, the frequencies for the 
channels can be offset from the standard frequencies. 
Also, the frequencies can be dynamically changed on a 
daily, weekly or other periodic or random basis. For 
instance, a typical cable head-end may have roughly 3 0 
frequencies in use. Each frequency is typically chosen to 
avoid interference between, among other things, each other, 
terrestrial broadcast signals, and frequencies used by 
clocks of the receiving equipment. Each channel has at 
least 1 independent alternate frequency that if used would 
not could not cause interference, or cause the frequency of 
adjoining channels to be changed. The actual possible 
frequency maps are therefore 2 30 or 1.07 x 10 9 . However, a 
hacker might simply quickly try both frequencies on each 
tune attempt for each of the 3 0 channels or so. 

If successful in locating a frequency with content, 
the hacker's set-top box can then parse the PSI 429 to 
learn about the individual PIDs that make up a program. 
The hacker will have difficulty learning that "program 1" 
is "CNN" , and that "program 5" is "TNN" , and so on. That 
information is sent with the SI, which as stated above is 
scrambled and otherwise unavailable to the un-authorized 
set-top box. However, a persistent hacker might yet figure 
those out by selecting each one and examining the content 
delivered. So in order to frustrate the identification of 
channels, the assignment of a program within a single 
stream can move around, e.g. program 2 and program 5 
swapped in the example above so that "program 1" is "TNN" 
and "program 5" is "CNN" . 
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Also, it is possible to move programs to entirely 
different streams with entirely new program groupings. A 
typical head-end can deliver 250 programs of content 
including music. Each can be uniquely tuned. The possible 
combinations for re-ordering are 250 1 (factorial). Without 
a map of the content provided by either the delivered SI or 
by a hacker, the user is faced with randomly selecting each 
program in a stream to see if it is the one interest. 

Thus, at head-end 422, the video signal 4 04 and the 
audio signal 4 06 are provided in the clear (unencrypted) 
while the SI 428 is provided to multiple CA systems for 
delivery over the public network. Thus, in the exemplary 
system 400, clear SI 428 is provided to CA system A 418 
that encrypts SI 428. Simultaneously, clear SI 428 is 
provided to CA system B 424 that encrypts the SI 428. 
Clear video and audio are then multiplexed along with 
encrypted SI from CA system A 418 (SI A) and encrypted 
audio from CA system B 424 (SI B) . After distribution 
through the public network 32, the video, the audio, system 
information A and system information B are all delivered to 
set-top boxes 36 and 436. At STB 36, the encrypted SI is 
decrypted at CA system A 40 to provide tuning information 
to the set-top box. The set-top box tunes a particular 
program to allow it to be displayed on television set 44. 
Similarly, at STB 436, the encrypted SI is decrypted at CA 
system B 440 to provide tuning information for the set-top 
box, allow a particular program to be tuned and displayed 
on television set 444 . 

An advantage of this approach is that no additional 
A/V bandwidth is required in the content delivery system. 
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Only the SI is dual carried. No special hardware is 
required. Any offset frequencies from the standard ones 
can be easily accommodated by most tuners. SI decryption 
can be performed in software or can be aided by hardware . 
For example, legacy Motorola set-top boxes have an ability 
to descramble the SI delivered in the Motorola out-of-band 
using a hardware decrypter built into the decoder IC chip. 

A determined hacker can potentially use a spectrum 
analyzer on the coax cable to learn where the A/V channels 
are located. Also, it may be possible for the hacker to 
program a set -top box to auto- scan the frequency band to 
learn where the A/V channels are - a relatively slow 
process. If the A/V channel frequencies changed 
dynamically, then that could foil the hackers, since they 
would need to be constantly analyzing or scanning the band. 
Also, the program numbers and assigned PIDs can vary. 
However, dynamically changing frequencies, program numbers, 
and PIDs might create operational difficulties to a service 
provider, e.g. cable operator. 

GENERALIZED REPRESENTATION 

Each of the above techniques can be represented 
generically by the system 500 of FIGURE 10. This system 
500 has a head-end 522 with clear video 504, clear audio 
506, SI 528, and PSI 529 any of which can be selectively 
switched through an intelligent processor controlled switch 
518, which also serves to assign PIDs (in embodiments 
requiring PID assignment or reassignment) , to CA system A 
504 or CA system B 524 or passed in the clear to the public 
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network 32. As previously, the program or SI encrypted 
according to the legacy CA system A can be properly decoded 
by STB 36. The CA system B encrypted information is 
understood by STBs 53 6 and decrypted and decoded 
accordingly, as described previously. 

PIP MAPPING CONSIDERATIONS 

The PID mapping concepts described above can be 
generally applied to the dual partial encryption techniques 
described herein, where needed. At the head-end, the 
general concept is that a data stream of packets is 
manipulated to duplicate packets selected for encryption. 
Those packets are duplicated and encrypted under two 
distinct encryption methods. The duplicated packets are 
assigned separate PIDs (one of which matches the legacy CA 
PID used for clear content) and reinserted in the location 
of the original selected packet in the data stream for 
transmission over the public network. At the output of the 
head-end, a stream of packets appears with the legacy 
encrypted packets and clear packets having the same PID. A 
secondary PID identifies the packets that are encrypted 
under the new encryption system. In addition to the PID 
remapping that takes place at the head-end, MPEG packets 
utilize a continuity counter to maintain the appropriate 
sequence of the packets. In order to assure proper 
decoding, this continuity counter should be properly 
maintained during creation of the packetized data stream at 
the head-end. This is accomplished by assuring that 
packets with each PID are assigned continuity counters 
sequentially in a normal manner. Thus, packets with the 
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secondary PID will carry a separate continuity counter from 
those of the primary PID. This is illustrated below in 
simplified form where PID 025 is the primary PID and PID 
125 is the secondary PID, E represents an encrypted packet, 
C represents a clear packet, and the end number represents 
a continuity counter. 



025C04 


025E05 


125E11 


025C06 


025C07 


025C08 


025C09 


125E12 



In this exemplary segment of packets, packets with PID 
02 5 are seen to have their own sequence of continuity 
counters (04, 05, 06, 07, 08, 09, ...). Similarly, the 
packets with secondary PID 125 also have their own sequence 
of continuity counters (11, 12, . . .) . 

At the STB, the PIDs can be manipulated in any number 
of ways to correctly associate the encrypted packets with 
secondary PID with the correct program. In one 
implementation, the packet headers of an input stream 
segment illustrated below: 



025C04 


025E05 


125E11 


025C06 


025C07 


025C08 


025C09 


025E10 



are manipulated to create the following output stream 
segment : 



125C04 


025E11 


125E05 


125C06 


125C07 


125C08 


125C09 


125E10 
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The primary PIDs (025) in the input stream are replaced 
with the secondary PID (125) for the clear packets (C) . 
For the encrypted packets, the primary PID and secondary 
PID are retained, but the continuity counters are swapped. 
Thus, the stream of packets can now be properly decrypted 
and decoded without errors caused by loss of continuity 
using the secondary PID. Other methods for manipulation of 
the PIDs, e.g. mapping the PID (125) on the scrambled 
legacy packet to a NOP PID (all ones) or other PID value 
not decoded, and the continuity counters can also be used 
in embodiments consistent with the present invention. 

The primary and secondary PIDs are conveyed to the 
STBs in the program map table (PMT) transmitted as a part 
of the program system information (PSI) data stream. The 
existence of a secondary PID can be established to be 
ignored by the STB operating under CA encryption system A 
(the "legacy" system) , but new STBs operating under CA 
encryption system B are programmed to recognize that 
secondary PIDs are used to convey the encrypted part of the 
program associated with the primary PID. The set -top boxes 
are alerted to the fact that this encryption scheme is 
being used by the presence of a CA descriptor in the 
elementary PID "for loop" of the PMT. There typically 
would be a CA descriptor for the video elementary PID "for 
loop", and another one in the audio elementary PID "for 
loop" . The CA descriptor uses a Private Data Byte to 
identify the CA_PID as either the ECM PID or the secondary 
PID used for partial scrambling, thus setting up the STB 
operating under system B to look for both primary and 
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secondary PIDs associated with a single program. Since the 
PID field in the transport header is thirteen bits in 
length, there are 2 13 or 8,192 PIDs available for use, any 
spare PIDs can be utilized for the secondary PIDs as 
required. 

In addition to the assignment of a PID for each 
program component or selected portion thereof, a new PID 
may be assigned to tag ECM data used in the second 
encryption technique. Each PID number assigned can be 
noted as a user defined stream type to prevent disrupting 
operation of a legacy STB. MPEG defines a reserved block 
of such numbers for user defined data stream types. 

While conceptually the PID mapping at the head-end is 
a simple operation, in practice the head-end equipment is 
often already established and is therefore modified to 
accomplish this task in a manner that is minimally 
disruptive to the established public network while being 
cost effective. Thus, the details of the actual 
implementation within the head- end are somewhat dependent 
upon the actual legacy hardware present in the head- end, 
examples of which are described in greater detail below. 

HEAD -END IMPLEMENTATIONS 

Those skilled in the art will appreciate that the 
above descriptions as related to FIGURES 2, 3, 6, 9 and 10 
are somewhat conceptual in nature and are used to explain 
the overall ideas and concepts associated with the various 
embodiments of the present invention. In realizing a real 
world implementation of the present invention, those 
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skilled in the art will recognize that a significant real 
world issue to contend with is providing a cost effective 
implementation of the various partial encryption methods 
within existing legacy head-end equipment at established 
service providers. Taking two of the primary legacy cable 
systems as examples, the following describes how the above 
techniques can be implemented at a head- end. 

First, consider a head-end using a Motorola brand 
conditional access system. In such a system the 
modifications shown in FIGURE 11 can be done to provide a 
cost effective mechanism for partial dual encryption 
implementation. In a typical Motorola® system, a HITS 
(Head-end In The Sky) or similar data feed is provided from 
a satellite. This feed provides aggregated digitized 
content that is supplied to service providers and is 
received by a receiver / descrambler / scrambler system 604 
such as the Motorola® Integrated Receiver Transcoder (IRT) 
models IRT 1000 and IRT 2000, and Motorola® Modular 
Processing System (MPS) . A clear stream of digitized 
television data can be obtained from the satellite 
descrambler functional block 606 of the receiver / 
descrambler / scrambler 604. This clear stream can be 
manipulated by a new functional block shown as packet 
selector / duplicator 610. This new block 610 may be 
implemented as a programmed processor or may be otherwise 
implemented in hardware, software or a combination thereof. 

Packet selector / duplicator 610 selects packets that 
are to be dual encrypted under any of the above partial 
dual encryption methods. Those packets are then duplicated 
with new PIDs so that they can be later identified for 
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encryption. For example, if packets at the input of 610 
associated with a particular program have PID A, then 
packet selector / duplicator 610 identifies packets to be 
encrypted and duplicates those packets and remaps them to 
PIDs B and C respectively, so that they can be identified 
later for encryption under two different systems. 

According to one embodiment, the duplicate packets are 
inserted into the data stream adjacent one another in the 
location of the originally duplicated packet now with PID C 
so that they remain in the same order originally presented 
(except that there are two packets where one previously 
resided in the data stream) . Assume, for the moment, that 
the new CA system to be added is NDS encryption. In this 
case, PID A will represent clear packets, PID B will 
represent NDS encrypted packets and PID C will represent 
Motorola® encrypted packets. The packets having PID B may 
be encrypted under the NDS encryption at this point in 610 
or may be encrypted later. 

The packets with PIDs B and C are then returned to the 
system 604 where packets with PID C are encrypted under 
Motorola encryption at scrambler 612 as instructed by the 
control system 614 associated with the Motorola equipment. 
The output stream from scrambler 612 then proceeds to 
another new device - PID remapper and scrambler 62 0, which 
receives the output stream from 612 and now remaps the 
remaining packets with PID A to PID C and encrypts the PID 
B packets under the NDS encryption algorithm under control 
of control system 624. The output stream at 626 has clear 
unencrypted packets with PID C and selected packets which 
have been duplicated and encrypted under the Motorola® 
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encryption system with PID C along with encrypted packets 
under the NDS encryption system with PID B. This stream is 
then modulated (e.g., Quadrature Amplitude Modulated "QAM" 
and RF modulated) for distribution over the public network. 
The preferred embodiment maps the unencrypted packets on 
PID A to match the scrambled packets on PID C because the 
audio and video PIDs called out in legacy program specific 
information (PSI) is correct that way. The control 
computer, the scrambler, and legacy set -top boxes only know 
about PID C. Alternatively, the scrambled packets on PID C 
could be mapped back to PID A, but this would likely mean 
editing the PSI, that was automatically generated, to map 
the PID numbers from PID C back to PID A in the PID 
remapper and scrambler 62 0. 

In the above example, the PID remapper and scrambler 
620 may also be used to demultiplex PSI information, modify 
it to reflect the addition of the NDS encryption (through 
the use of CA descriptors in the PMT) and multiplex the 
modified PSI information back into the data stream. The 
ECMs to support NDS encryption may also be inserted into 
the data stream at PID remapper and scrambler 62 0 (or could 
be inserted by packet selector / duplicator 610) . 

Thus, in order to add NDS encryption (or another 
encryption system) to a head-end using Motorola® equipment, 
packets are duplicated and PIDs are remapped in the data 
stream from the satellite descrambler. The remapped PIDs 
are then used to identify packets that are to be scrambled 
under each CA system. Once the legacy system encryption 
has taken place, the clear PID is then remapped so that 
both clear and encrypted packets in the legacy system share 
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the same PID (or PIDs) . PID remapping as in 62 0 and packet 
selection and duplication as in 610 can be implemented 
using a programmed processor or using custom or semi -custom 
integrated circuitry such as an application specific 
integrated circuit or a programmable logic device or field 
programmable gate array. Other implementations are also 
possible without departing from the present invention. 

FIGURE 12 depicts a similar equipment configuration 
such as that used in implementing the partial dual 
encryption of the present invention in a Scientific Atlanta 
based head-end. In this embodiment, the HITS feed or 
similar is received at IRD 704, which incorporates a 
satellite descrambler 706. This may be a Motorola® IRT or 
MPS with only the satellite descrambler function enabled. 
The output of the satellite descrambler 706 again provides 
a clear data stream that can be manipulated by a new packet 
selector / duplicator 710 which selects packets to be 
encrypted, duplicates them and maps the PIDs of the 
duplicate packets to new PIDs. Again, for example, packets 
to remain in the clear are assigned PID A, packets to be 
encrypted under the new system (e.g., NDS) are assigned PID 
B and packets to be encrypted under the Scientific Atlanta® 
encryption system are assigned PID C. The packets with PID 
B may be encrypted at this point under the NDS™ encryption 
system. 

The stream of packets is then sent to a multiplexer 
712 (e.g., a Scientific Atlanta® multiplexer) where the 
packets having PID C are encrypted under the Scientific 
Atlanta® encryption system at 714 under control of control 
system 718 associated with multiplexer 712. The stream of 



080398P252X2 



-59- 



Sony IPD. 50N3195.02 



data is then supplied internal to multiplexer 712 to a QAM 
modulator 720. In order to properly remap the packets, the 
QAM modulated signal at the output of multiplexer 712 is 
provided to a new processor system 724 where the QAM 
modulated signal is demodulated at a QAM demodulator 73 0 
and the clear PID A packets are remapped to PID C at PID 
remapper 734 under control of a control system 738. 
Encryption under the NDS™ encryption algorithm can also be 
carried out here rather than in 710. The data stream with 
remapped PIDs and dual partial encryption is then QAM and 
RF modulated at 742 for distribution over the public 
network . 

In the above example, the PID remapper and scrambler 
734 may also be used to demultiplex PSI information, modify 
it to reflect the addition of the NDS encryption (adding 
the CA descriptors to the PMT) and multiplex the modified 
PSI information back into the data stream. The ECMs to 
support NDS encryption may also be inserted into the data 
stream at PID remapper and scrambler 734 (or could be 
inserted by packet selector / duplicator 710) . PID 
remapping and or scrambling as in 734 along with QAM 
demodulation and QAM modulation as in 73 0 and 742 
respectively, and packet selection and duplication as in 
710 can be implemented using a programmed processor or 
using custom or semi -custom integrated circuitry such as an 
application specific integrated circuit or a programmable 
logic device or field programmable gate array. Other 
implementations are also possible without departing from 
the present invention. 
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The above embodiments of the present invention allow 
legacy scrambling equipment to scramble only the packets 
desired in an elementary stream instead of the entire 
elementary stream. The scrambling of certain packets of an 
elementary stream is accomplished by using a PID number for 
packets that are not going to be scrambled, e.g., PID A. 
Packets that will be scrambled will be placed on PID C. 
The scrambling equipment will scramble the packets on PID C 
(the ones that have been selected for scrambling) . After 
the scrambling has taken place, the unscrambled packets 
have the PID number mapped to the same as the scrambled 
packet - PID A becomes PID C. The legacy set- top boxes 
will receive an elementary stream with both scrambled and 
un-scrambled packets. 

The packets in these embodiments are handled as a 
stream. The entire stream is sent to the legacy scrambling 
equipment for scrambling. This keeps all of the packets in 
exact time synchronous order. If packets were extracted 
from a stream and sent to the legacy scrambling equipment, 
time jitter might be introduced. The present embodiment 
avoids that problem by keeping all the packets in a stream. 
The embodiment does not require cooperation from the legacy 
scrambling equipment provider because that equipment is not 
involved in the remapping of packets- from PID A to PID C. 
This remapping is preferable because the PID called out by 
the PSI generated by the legacy scrambling system does not 
need to change. The legacy system knows about PID C, but 
not PID A. The entire elementary stream to be scrambled by 
the legacy scrambling equipment is found on a single PID 
that the scrambling system has been instructed to scramble. 
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In the above examples, the use of NDS as the second 
encryption system should not be considered limiting. 
Moreover, although two widely used systems - Motorola and 
Scientific Atlanta have been depicted by way of example, 
similar modifications to legacy systems to permit PID 
remapping and dual partial encryption can be used. In 
general, the technique described above involves the process 
generally described as 800 in FIGURE 13. A feed is 
received at block 806, which is descrambled as it is 
received at block 810 to produce a clear data stream of 
packets. At block 814, packets are selected according to 
the desired partial dual encryption technique (e.g., audio 
only, packets containing PES header, etc.). At block 818, 
the selected packets are duplicated and the duplicate pairs 
are remapped to two new PIDs (e.g., PID B and PID C) . The 
duplicated packets are then encrypted based upon PID (that 
is, PID C is encrypted according to legacy encryption and 
PID B is encrypted according to the new encryption system) 
at block 822. The clear packets (e.g., PID A) are then 
remapped to the same PID as the legacy encrypted PID (PID 
C) at block 826. 

The order in which some of the elements of the process 
of FIGURE 13 are carried out can vary according to the 
particular legacy system being modified to accommodate the 
particular dual encryption arrangement being used. For 
example, encryption under a new encryption system can be 
carried out either at the time of duplication or later at 
the time of remapping the legacy packets, as illustrated in 
FIGURE 11 and 12. Additionally, various demodulation and 
re-modulation operations can be carried out as needed to 
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accommodate the particular legacy system at hand (not shown 
in FIGURE 13) . 

SET-TOP BOX IMPLEMENTATIONS 

Several set-top box implementations are possible 
within the scope of the present invention. The method used 
at the head-end to select packets for encryption is 
irrelevant to the STB. 

One such implementation is illustrated in FIGURE 14. 
In this embodiment, packets from a tuner 904 along with 
optional demodulator (hereinafter referred to as 
"tuner/demodulator" ) are provided to a decoder circuit 
908' s demultiplexer 910. The packets are buffered into a 
memory 912 (e.g., using a unified memory architecture) and 
processed by the STB's main CPU 916 using software stored 
in ROM memory 92 0. 

Selected PIDs can be stripped from the incoming 
transport via the STB's PID filter, decrypted and buffered 
in SDRAM, similar to the initial processing required in 
preparation for transfer to an HDD in a PVR application. 
The host CPU 916 can then "manually" filter the buffered 
data in SDRAM for elimination of the packets containing 
unneeded PIDs. There are some obvious side effects to this 
process . 

The host overhead is estimated to be about 1% of the 
bandwidth of the CPU. In the worst case, this is 
equivalent to 40K bytes/Second for a 15 Mbit/Second video 
stream. This reduction is possible since at most only 4 
bytes of each packet is evaluated and the location is on 
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188 byte intervals so the intervening data does not have to 
be considered. Each packet header in SDRAM can therefore 
be directly accessed through simple memory pointer 
manipulation . 

Additionally, packets are cached in blocks and 
evaluated en masse to reduce task switching of the host. 
This would eliminate an interrupt to other tasks upon the 
reception of each new packet. This may produce a increased 
latency for starting decode of a stream upon channel change 
to allow time for cache fill. This may be negligible 
depending upon the allocated SDRAM cache buffer size. 

The host filtered packets in the SDRAM buffer are then 
transferred to the A/V Queue through existing hardware DMA 
processes and mimics a PVR implementation. The filtered 
packets are then provided to the decoder 922 for decoding. 

A second technique for implementation in a set -top box 
is illustrated in FIGURE 15. Since RISC processor A/V 
decoder module in decoder block 93 0 processes the partial 
transport PIDs and strips/concatenates for decode, the 
firmware within decoder block 93 0 can be altered to exclude 
individual packets in a partial transport stream based upon 
criteria in each packet header. Alternatively, the 
demultiplexer 910 can be designed to exclude the packets. 
Legacy scrambled packet (s) pass through the CA module still 
encrypted. By using the decoder block 93 0 to perform the 
removal of the legacy scrambled packets and assuming that 
the packets encrypted under the new encryption algorithm 
(e.g., NDS) is immediately adjacent the legacy encrypted 
packet (or at least prior to next primary stream video 
packet) then the pruning of the legacy packet in effect 
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accomplishes the merging of a single, clear stream into the 
header strip and video queue. 

A third technique for implementation of partial 
decryption in a set-top box is illustrated in FIGURE 16. 
In this embodiment, the PID remapping is carried out either 
within a circuit such as an ASIC, Field Programmable Gate 
Array (FPGA) , or a programmable logic device (PLD) 938 or 
other custom designed circuit placed between the 
tuner/demodulator 904 and the decoder block 908. In a 
variation of this embodiment, the decoder block 908 can be 
modified to implement the PID remapping within 
demultiplexer 940. In either case, the legacy encrypted 
packets are dropped and the non- legacy packets re-mapped 
either in circuit 938 or demultiplexer 940. 

This third technique can be implemented in one 
embodiment using the PLD depicted in FIGURE 17. This 
implementation assumes that there will be not be more than 
one encrypted packet of a particular PID appearing in a 
row, thus, the implementation could be modified to 
accommodate bursts of encrypted packets such as with the M 
and N th encryption arrangement described above (as will be 
explained later) . The input stream passes through a PID 
identifier 950, which serves to demultiplex the input 
stream based upon PID. Primary PID packets are checked for 
continuity at 958. If a continuity error is detected, the 
error is noted and the counter is reset at 960. 

The original input packet stream contains packets 
tagged with many PIDs . The PID identifier 950 separates 
packets with the two PIDs of interest (primary and 
secondary PIDs) from all other packets. This capability 
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can be scaled to process multiple PID pairs. These other 
packets are bypassed directly to the revised output stream. 
This processing results in a three or four byte clocking 
delay. 

Packets with the secondary PID are routed by the PID 
identifier 950 to a continuity count checker 954, which 
verifies sequence integrity for this PID. Any errors are 
noted at 956, but specific handling of errors is not 
relevant to understanding the present invention. The 
packet's continuity value is preserved for use in checking 
the sequence of packets to follow. A corresponding 
continuity check 958 is done for packets with the primary 
PID using the independent primary counter, and again any 
errors are noted at 960. 

The secondary packet is checked for a secondary flag 
at block 962 . This Boolean indicator is used to remember 
if a secondary packet has been processed since the last 
clear packet . More than one secondary packet between clear 
packets is an error in this embodiment and is noted at 964. 
Presence of a secondary packet is remembered by setting the 
secondary flag at block 966. 

The continuity counter of the secondary packet is 
changed at block 968 to fit into the sequence of the clear 
packets. Data for this substitution comes from the value 
used to verify continuity of the primary stream at 958. 
The revised packet is sent out from block 968 and merged 
into the revised stream forming the output stream. 

After packets with primary PIDs have had their 
continuity checked at block 958, they are differentiated at 
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block 970 by the scrambling flags in the header. If the 
packet is scrambled, the primary flag is queried at block 
974. This primary flag Boolean indicator is used to 
remember if a primary encrypted packet has been processed 
since the last clear packet. More than one encrypted 
primary packet between clear packets is an error in this 
embodiment and is noted at 976 before the packet is 
discarded at 978. Presence of an encrypted primary packet 
is remembered by setting the primary flag at block 980. If 
there is no downstream consumer for the primary encrypted 
packet, it can be discarded at 978. In some cases it may 
be necessary for the packet to continue on (in which case 
its continuity counter can use the discarded secondary 
continuity value) . 

If the primary PID scramble test at block 970 detects 
a clear packet, the state of the secondary and primary 
flags is tested at block 984. Valid conditions are neither 
set and both set, since encrypted packets should come in 
matched pairs. A sequence of one without the other should 
be noted as an error at 988. However, the order of 
appearance is inconsequential in this embodiment. It 
should be noted that there may be other ways to flag a 
primary packet for deletion other than the scrambling bits 
in the transport header, e.g. the transport_priority bit. 
Also, it is possible not to use any bits what-so-ever , e.g. 
using the primary packet's simple positional information, 
before or after the secondary packet, as an indicator for 
replacement . 

Clear packets with the primary PID then have their PID 
value changed at block 992 to the secondary PID before 
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being output in the revised output stream. Alternatively, 
the secondary PID packets can be remapped to the primary 
PID value. The content can be decoded when the decoder is 
provided with the correct PID for decoding the content 
(whether the primary or secondary PID) . Presence of a 
clear packet also clears the primary and secondary Boolean 
flags . 

In all the embodiments proposed, the secondary packet 
can be inserted adjoining the primary packet to be replaced 
even when a series of primary packets are tagged for 
replacement. However, in some instances, it may facilitate 
head-end partial scrambling if multiple encrypted packets 
can be inserted into the stream without the intervening 
secondary packets. In order to accommodate multiple 
consecutive encrypted packets (such as with the M th and N 
partial encryption method) , the use of primary and 
secondary flags can be replaced with a counter matching 
test function. Thus, in place of blocks 962, 964 and 966, 
a secondary encrypted packet counter can be incremented. 
In place of blocks 970, 974, 976 and 980, a primary 
encrypted packet counter can be incremented. Block 984 can 
be replaced with a comparison of the primary and secondary 
encrypted packet counters to assure that the same number of 
encrypted packets is received in both the primary and 
secondary paths. Instead of clearing flags at block 992, 
the counters are cleared. Using this variation, multiple 
encrypted packets may be consecutively received and the 
number received is compared to monitor the integrity of the 
data stream. Other variations will occur to those skilled 
in the art . 
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The function described above in connection with FIGURE 
17 can be integrated into an A/V decoder chip that 
functions similar to that of the commercially available 
Broadcom® series 70xx or 71xx decoder used in commercial 
set -top boxes. FIGURE 18 illustrates an exemplary diagram 
for such a decoder chip where the functions already 
provided in the commercial chip are essentially unchanged. 
Normally, commercial decoder chips expect there to be a 
one-to-one correspondence between the PIDs and program 
components (e.g., audio or video) . 

The decoder illustrated in FIGURE 18 permits multiple 
PIDs to be programmed into the decoder via a connection to 
the STB central processor so that both primary and 
secondary PIDs can be handled for main audio, main video 
and a secondary video used for picture-in-picture (PiP) 
functions. In this embodiment, the raw data stream is 
received by a packet sorter 1002 that provides a function 
similar to that described in connection with FIGURE 17 
above to demultiplex the stream of packets based upon PID. 
Preferably, a decoder may be utilized to carry out the PID 
sorting function of packet sorter 1002 using hard wired 
logic circuitry rather than programmed software. Program 
guide and stream navigation information is output for use 
by an STB's main processor, for example. The packets 
associated with the main audio program are buffered in a 
FIFO 1006, decrypted in a decrypter 1010 and then buffered 
at 1014 for retrieval by an MPEG audio decoder 1018 as 
needed. Decoded MPEG audio is then provided as an output 
from the decoder. 
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In a similar manner, packets associated with the main 
video program are buffered in a FIFO 1024, decrypted in a 
decrypter 1028 and then buffered at 1032 for retrieval by 
an MPEG video decoder 103 6 as needed. Decoded MPEG video 
for the main channel is then provided to a compositer 1040 
and then provided as an output from the decoder. 
Similarly, packets associated with PiP video are buffered 
in a FIFO 1044, decrypted in a decrypter 1048 and then 
buffered at 1052 for retrieval by an MPEG video decoder 
1056 as needed. Decoded MPEG video for the PiP channel is 
then provided to the compositer 104 0 where it is combined 
with the main channel video and then provided as a decoded 
video output from the decoder. Other packets not 
associated with the main or PiP channel are discarded. Of 
course, other functions may be incorporated in the decoder 
chip or deleted without departing from embodiments of the 
present invention . 

Referring now to FIGURES 19A-19G, exemplary 
embodiments of streams of A/V content transmitted from a 
head-end to a digital device (e.g., STB) are shown. For 
those embodiments of FIGURES 19A-19E, each stream of A/V 
content features an IP datagram 1100 segmented according to 
a Moving Picture Experts Group (MPEG) transport layer 
configuration. For those embodiments of FIGURES 19F and 
19G, each stream of A/V content is not configured in 
accordance with MPEG transport requirements. Rather, each 
stream is a program stream of Packetized Elementary Stream 
(PES) packets. A/V content associated with the PES packets 
is recovered at the tuner/demodulator 904 of FIGURE 16. 
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Herein, with respect to FIGURE 19A, IP datagram 1100 
comprises an IP header 1110 and a body 1120 containing one 
or more MPEG packets 1130i-1130 N (N>1) . Each MPEG packet 
1130i (l<_i<N) comprises a MPEG header and a payload (not 
shown). Herein, for this embodiment, IP datagram 1100 may 
be up to 64 kilobytes in length. It is contemplated, 
however, that other lengths may be utilized. 

As shown in FIGURE 19B, the IP header 1110 comprises a 
version field 1111, one or more length fields 1112, a 
protocol field 1113, a source address field 1114, a 
destination address field 1115 and optional padding 1116. 
According to one embodiment of the invention, the version 
field 1111 merely identifies the version number of the IP 
protocol. The length field (s) 1112 indicate the length of 
the IP header 1110 and/or total length of the IP datagram 
1100. The protocol field 1113 identifies the transport 
layer process for the IP datagram 1100. The source address 
field 1114 includes an IP address of the sender of the IP 
datagram 1100 while the destination address field 1115 
includes the IP address of the targeted recipient of the IP 
datagram 1100. The padding 1116 is optional information or 
filler to ensure that the IP header 1110 is a multiple of 
32-bits . 

The body 1120 of the IP datagram 1100 further comprises 
one or more MPEG packets 1130i-1130 N . Capable of being 
sized for a given byte length (e.g., 188 bytes long), each 
MPEG packet 1130i comprises a MPEG header including a 
sync_byte 1141, a transport_error_indicator 114 2, a 
payload_unit_start__indicator 1143, a transport priority 
1144, a PID 1145, a transport scrambling control 1146, an 
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adaptation field control 1147 and a continuity_counter 1148, 
as shown in FIGURE 19C. 

In particular, as described above, PID 1145 is a M-bit 
field (e.g., 10<JV1<15, M=13 for this embodiment), indicating 
the type of data stored in the packet payload. The type of 
data may be provided by the PID value itself or by a table 
(e.g., Program Association Table "PAT") . The specifics of 
the Program Association Table and the defined fields 1141- 
1148 of the MPEG packet 1130i are set forth in an 
International Telecommunication Union (ITU) H. 222.0 standard 
entitled "Transmission of Non-Telephone Signals," published 
on or around July 1995, which is incorporated herewith by 
reference . 

For this embodiment of FIGURE 19A-19C, there is a one- 
to-one mapping between a PID value supported by the IP 
datagram 1100 and a multicast IP address contained in the 
destination address field 1115 of the IP header 1110. As a 
result, only one type of A/V content (e.g., video or audio 
or data) can be supported by the IP datagram 1100. For 
instance, the transmission of video may be accomplished by 
each MPEG packet 1130i being assigned a unique PID (e.g., 
PID1) . Thus, only those MPEG packets assigned PID1 may be 
routed as part of the IP datagram 1100. 

With respect to FIGURE 19D, a second embodiment for IP 
datagram 1100 is shown. IP datagram 1100 comprises the IP 
header 1110 and the body 1120, which contains one or more 
MPEG packets 1160i-1160 N (N>1) . Each MPEG packet 1160i 
(l<i<N) is constructed based on the presumption of a packet 
filter deployed within the digital device. 
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In some embodiment, the optional packet filter may be 
deployed as a component of the tuner/demodulator 904 or a 
component of the decoder block 908 itself (see FIGURE 16) . 
For instance, the packet filter operates as a demultiplexer 
by enabling MPEG packets associated with different content 
types, different encryption methods, or duplicative content 
to be transmitted over the same IP datagram 1100. It is 
contemplated, however, that software-based packet filters 
and descramblers enable selective encryption/descrambling 
of portions of the MPEG packets, and not the entire packet. 

As an illustrative example, according to this 
embodiment, a first MPEG packet 113 0i is video and features 
a first PID (PID1) . A second MPEG packet 1130 2 is audio 
associated with the video of the first MPEG packet 1130i. 
The second MPEG packet 1130 2 features a second PID (PID2) . 
Similarly, a third MPEG packet 1130 3 is data associated with 
the video & audio of the MPEG packets 1130i and 1130 2 . The 
third MPEG packet 1130 3 features a third PID (PID3) , where 
PID1, PID2 and PID3 are not equal to each other. The 
packet filter detects the different packet types, buffers 
as necessary, and routes the A/V content to the descrambler 
for appropriate MPEG decoding. 

With respect to FIGURE 19E, a third embodiment for IP 
datagram 1100 is shown. IP datagram 1100 comprises the IP 
header 1110 and the body 112 0, which contains one or more 
MPEG packets 1170i-1170 N (Nj>l) . More specifically, as 
shown, the IP datagram 1100 comprises MPEG packets 1170i- 
1170 6 of which one MPEG packet 1170 3 utilizes a secondary 
PID (referred to as U PID2"). PID2 denotes that the MPEG 
packet 1170 3 is associated with duplicative A/V content. 
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More specifically, for this IP datagram, secondary PIDs are 
used to tag packets that carry duplicative A/V content 
which, for some embodiments, may be due caused by the A/V 
content being encrypted using a different encryption 
method. As an example, MPEG packet 1170 2 contains the same 
content as MPEG packet 1170 3 , but is encrypted using a 
different key or algorithm. This enables more efficient 
multicasting of the content. The packet filter identifies 
the secondary PID (operating as a tag for the MPEG packet 
1170 3 ) , provides the duplicative content to the descrambler 
and discards the content associated with the MPEG packet 
1170 4 associated with the primary PID. 

With respect to FIGURES 19F & 19G, fourth and fifth 
embodiments for the IP datagram 1100 are shown. For these 
embodiments of the invention, no MPEG transport is 
provided. Thus, the A/V content (e.g., video, audio, data, 
or combinations) is sent directly as a collection of PES 
packets 1180. The data structure of the PES packets is 
described in the International Telecommunication Union 
(ITU) H. 222.0 standard described above. FIGURE 19F 
represents the IP datagram 1100 having a secondary tag or 
header field 1190 to contain information corresponding to 
that information within an MPEG-2 transport header. FIGURE 
19G represents the IP datagram 1100 having no secondary tag 
or header field, rather control information is included in 
PES packets 1195 

In the foregoing description, the invention is 
described with reference to specific exemplary embodiments 
thereof. It will, however, be evident that various 
modifications and changes may be made thereto without 
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departing from the broader spirit and scope of the present 
invention as set forth in the appended claims. The 
specification and drawings are accordingly to be regarded 
in an illustrative rather than in a restrictive sense. 

Moreover, the present techniques can be used in any 
other suitable content delivery scenario including, but not 
limited to, terrestrial broadcast based content delivery 
systems, Internet based content delivery, satellite based 
content delivery systems such as, for example, the Digital 
Satellite Service (DSS) such as that used in the DirecTV™ 
system, as well as package media (e.g. CDs and DVDs) . 
These various alternatives are considered equivalent for 
purposes of this document, and the embodiment described 
herein should be considered to be an exemplary embodiment 
presented for illustrative purposes. 



